The End: Uncharted waters

Criminals will thrive if they can find a base where the rules don't apply, warns Ed Gibson.

When I was with the FBI, we went to great lengths to establish "on-the-ground" relationships with counterparts across the globe. The ability to pick up the phone and talk to a familiar person to assist with a life-or-death matter was paramount. But these trusted relationships didn't just happen. They were built over time. And we had to speak the local language.

In the commercial world, I think of HSBC's moniker of being the world's local bank. You may have seen their vivid ads highlighting that "local knowledge is key". Things are no different in the cyber world. If you are going to play in the cyber backyard, you'd better know the local rules.

I indicated to readers last month that we would be taking a journey into the criminal cyber world. I said before that it might not be pleasant at times, but let's get started as we have now reached our first stop: the Principality of Sealand (www.sealandgov.com).

Sealand is located in the southern part of the North Sea, some six miles off the coast of Britain. According to its website, it was founded as a sovereign principality in 1967. Essentially, it is a WWII bunker, which the current occupants assert was deserted and abandoned by the British Government. HavenCo, according to its website, is "offering the world's most secure managed servers in the world's only true free-market environment, the Principality of Sealand. Sealand has no laws governing data traffic, and the terms of HavenCo's agreement with Sealand provide that none shall ever be enacted." Oh, didn't I tell you? "(HavenCo) is building a secure managed co-location business with the added advantage that customers' data will also be physically secure against any legal action."

The simple fact is that there are countries that simply do not want to have legal or political relationships with industrialised countries such as the UK or US. I might therefore choose to send an extortion demand via an internet-proxy service located in an "unfriendly" country to you, demanding you to transfer huge sums via a non-traditional money-transmitting facility to my account in another unfriendly country. Given the current state of play it would be difficult to find me, even if I had been sitting next to you at the local internet cafe.

But first things first. You must understand this simple premise, as it underlies the very need for cyber security: It is all about criminals. And if these are operating in one of the "non-relationship" countries (as described above), it is significantly more difficult for law enforcement to police the internet.

I was at the Serious Organised Crime Agency (SOCA) earlier this month to hear first-hand what the body, launched only last April, has accomplished, particularly in the e-crime arena. I was impressed. They emphasised the critical need for global partnerships to understanding the environment.

As criminals will continue to commit burglary, shoplift, or take advantage of vulnerable people, organised crime will continue to improve its technology to do everything it can to break into your computing environment - from spam, phishing and identity theft to blackmail, extortion, or worse. Just as each of us takes steps to help create a more clean and green world, we need to take easy, and in many cases free, measures to create a safer computing environment. A good place to start is the Government website www.GetSafeOnline.org.

When there are off-shore companies offering an environment where customers data is effectively immune from prosecution, is it too much to ask for each of us to take a few precautions such as insuring an up-to-date operating system and firewall, and having anti-spam/virus software? Remember, unlike your and my backyards, the criminals' world has no rules.

The winds of the perfect storm are beginning to howl. The next stop on our cyber journey will be New York City. Here we will meet Mr Stark Reality.

Ed Gibson is the chief security adviser to Microsoft UK. Prior to this, he was a special agent with the FBI. You can contact him at EdGibson@Microsoft.com.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.